RE: [sniffer] Rollback of bot rules..

Tue, 17 Jan 2006 15:43:02 -0800 

Thank you, Pete.

In my spelunking, I've found too many rules to put in as panic entries
my .cfg file, and this morning I dropped the weight for my experimental
class tests to low values, and heavily edited my "combo" tests that
build on Sniffer hits.

I'm attaching a report showing the number of hits for the various rules
that I'm pretty sure are false positives, and this was from a modest
sample of my traffic.

Now that the source of the bad rules is gone, and I see that the latest
.snf update's file size has significantly shrunk, I'm going to find all
the rules that triggered tests 61 and 63 and re-queue them in my Declude
for scanning to get the false positives through my mail system.

Andrew.

 

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil
> Sent: Tuesday, January 17, 2006 2:06 PM
> To: [email protected]
> Subject: [sniffer] Rollback of bot rules..
> 
> Hello Sniffer Folks,
> 
>   There is an unknown problem with the bots surrounding SURBL and
>   SORBS testing. Rather than search for all the needles in all the
>   haystacks we are taking the following action:
> 
>   The bots will be offline until further notice - so all rules will be
>   those that are developed by our human rule-techs for the time being.
> 
>   All SURBL or SORBS related rules that were generated by bots in the
>   past 18 hours will be rolled into our Problematic rule group. This
>   is where rules go when they have been removed due to an FP - the
>   Problematic rule group does not get published - it simply prevents
>   rules from being duplicated.
> 
>   Since we have a huge backlog of false positive reports, it may take
>   a while to get through them all. Please be patient.
> 
>   The database changes will occur in the next half hour. All updates
>   after that time should have these troublesome rules removed.
> 
>   Once I resolve what happened to the bots I will let everyone know.
> 
> Thanks,
> _M
> 
> Pete McNeil (Madscientist)
> President, MicroNeil Research Corporation Chief SortMonster 
> (www.sortmonster.com) Chief Scientist (www.armresearch.com)
> 
> 
> This E-Mail came from the Message Sniffer mailing list. For 
> information and (un)subscription instructions go to 
> http://www.sortmonster.com/MessageSniffer/Help/Help.html
> 

     10 491587
      1 534442
      4 618807
      1 800976
     16 802046
      1 802834
      1 802871
      1 803025
      5 803052
      1 803099
      1 803115
      1 803163
     43 803228
      5 803243
      1 803403
      1 803530
      5 803621
      1 803967
      6 804085
      3 804105
     10 804289
      3 804436
      1 804561
      4 804788
      1 805080
      1 805141
     32 805157
      1 805270
      5 805273
      2 805306
      1 805367
     10 805460
      2 805475
      1 805517
      4 805528
      3 805531
      3 805613
      1 805807
      1 805863
      1 806121
      3 806338
      2 806396
     40 806424
     21 806488
     11 808137
      2 808421
      2 808456
      1 808733
      2 809667
      1 809928
     60 810112
      3 810136
      1 810761
      1 810833
      2 811233

Reply via email to